How to fix "MUP.SYS" or "IASTOR.SYS" messages

Scenario: Your Windows XP PC does not boot. When booted in Safe Mode the last entry shown relates to a device driver called "MUP.SYS" or "IASTOR.SYS."

Detail: Your ATAPI.SYS driver under %SYSTEMROOT%\System32\Drivers (and probably %SYSTEMROOT%\System32\DllCache) is corrupt having been altered by a virus or other malicious code execution. One such virus known for causing this is TR/Patched.Gen. Don't worry about MUP.SYS or IASTOR.SYS as these entries are red-herrings for what is actually an issue with ATAPI.SYS. This port driver controls ATA/IDE disk access.

Fix: Replace %SYSTEMROOT%\System32\Drivers\ATAPI.SYS with a known good copy. There are several approaches. One is to remove the hard disk of the affected PC and access it via external caddy or as a slave drive of a working XP machine. Copy the ATAPI.SYS from the working PC to the affected drive. Or, you could use a boot disk such as BartPE and have a copy of ATAPI.SYS on USB drive for ready transference.

Conclusions: Make sure that your virus scanner is kept up to date and avoid visiting questionable sites with questionable content!

Other symptoms: Booting from the Windows XP CD in Recovery mode does not allow you to access the hard disk disclosing "An error occurred during directory enumeration" when executing the DIR command. Furthermore, you may see "The volume appears to contain one or more unrecoverable errors" immediately on running CHKDSK. FIXBOOT and FIXMBR may return "cannot find system drive" and "invalid MBR" respectively.

Links to Other Resources